CVE-2023-54146: Release of Invalid Pointer or Reference in Linux

Severity
6.4 MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: Fix double-free of elf header buffer

After b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer"), freeing image->elf_headers in the error path of crash_load_segments() is not needed because kimage_file_post_load_cleanup() will take care of that later. And not clearing it could result in a double-free.

Drop the superfluous vfree() call at the error path of crash_load_segments().

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.16.0 | 6.0.19 | +2
Debian | linux/linux_kernel | < 6.1.7-1 | +2
CVEListV5 | linux/linux | 23cf39dccf7653650701a6f39b119e9116a27f1a | 4c71a552b97fb4f46eb300224434fe56fcf4f254 | +7
debian | debian/linux | < linux 6.1.7-1 (bookworm)

🔴 Vulnerability Details (3)
GHSA
GHSA-wg2w-8j36-3rqh: In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 ("x86/kexec: | 2025-12-24
OSV
x86/kexec: Fix double-free of elf header buffer | 2025-12-24
OSV
CVE-2023-54146: In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 ("x86/kexec: fi | 2025-12-24

📋 Vendor Advisories (2)
Red Hat
kernel: x86/kexec: Fix double-free of elf header buffer | 2025-12-24
Debian
CVE-2023-54146: linux - In the Linux kernel, the following vulnerability has been resolved: x86/kexec: ... | 2023

🕵️ Threat Intelligence (1)
Wiz
CVE-2023-54146 Impact, Exploitability, and Mitigation Steps | Wiz